In a noteworthy step toward international privacy collaboration, the California Privacy Protection Agency (CPPA) has entered into a formal declaration of cooperation with the U.K. Information Commissioner's Office (ICO). This pact underscores a growing global trend toward regulatory interoperability and shared enforcement strategy in the data privacy space.
This announcement signals a continued pivot toward harmonized privacy oversight—one that anticipates cross-border data flows and the convergence of enforcement practices across major jurisdictions. As privacy regimes continue to mature globally, expect more of these bilateral and multilateral alignments to emerge.
This new agreement is designed to facilitate joint research, mutual education on emerging technologies, and alignment on investigative best practices between the CPPA and ICO. It also builds on the CPPA’s expanding portfolio of global engagements, which includes cooperation agreements with privacy regulators in France, Korea, and recognition of California’s privacy framework by the Dubai International Financial Centre as offering an equivalent level of protection.
With this pact, the CPPA—still the only state-based standalone data privacy regulatory agency in the U.S.—is positioning itself as a transatlantic thought leader in data protection. New CPPA Executive Director Tom Kemp emphasized that this partnership enables California to "leverage best practices from other regulators" to enhance consumer protections at home.
The move also aligns with recent domestic efforts, including the CPPA’s collaboration with seven other states’ attorneys general to streamline privacy law enforcement and share priorities. All this comes at a critical moment, as the CPPA continues to ramp up rulemaking on high-impact areas such as risk assessments, cybersecurity audits, and AI governance under the CCPA/CPRA framework.